<?php
/**********************此文件控制下载权限，避免下载其他学校的项目*****************************/

require_once("./include/bm_config.php");
require_once("./include/funcs.php");
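// Download gate for uploaded team projects (?file=...&rz=...) and per-user
// documents (?unum=...&rz=...). Administrators skip the ownership checks;
// everyone else may fetch only a project of their own school or their own
// user document.
//
// Changes from the previous version of this script:
//   * mysql_query(sql) passed a bare constant instead of $sql, so both
//     queries in the project branch failed; the NULL == NULL comparison that
//     followed then let every logged-in user through.
//   * user_active was read but never selected.
//   * A failed query or missing row now denies the request (fail closed).
//   * `file`, `unum` and `rz` go into a filesystem path, so they are limited
//     to a safe character set; previously only intval() of the value was
//     checked while the raw string (which could contain "../") built the path.
$is_admin = isset($_SESSION['administrator']) || isset($_SESSION[$BM_ADMIN]);

$deny      = null; // alert text of the first failed check; null = allowed so far
$file_addr = null; // filled in only after every check has passed
$rz        = isset($_GET['rz']) ? $_GET['rz'] : null;

if (!isset($_SESSION['user_id'])) {
    $deny = '用户未登录！';
} elseif (!is_string($rz) || !preg_match('/\A[A-Za-z0-9]+\z/', $rz)) {
    // Missing, array-valued or non-alphanumeric extension.
    $deny = '这儿什么都没有~~';
} elseif (isset($_GET['file'])) {
    $user_id = $_SESSION['user_id'];
    $file    = $_GET['file'];

    if (!is_string($file) || !preg_match('/\A[A-Za-z0-9_-]+\z/', $file)) {
        // No dots, slashes, backslashes or NUL bytes may reach the path.
        $deny = '这儿什么都没有~~';
    } elseif (!$is_admin) {
        // NOTE(review): only the leading digits of `file` select the team, so
        // a name such as "12_x" is authorised against team 12 - confirm that
        // stored project files are named by team id alone.
        $team_id     = intval($file);
        $user_id_sql = mysql_real_escape_string((string) $user_id);

        // user_active is assumed to be a column of cr_user because the
        // original code read it from this row - TODO confirm against schema.
        $sql    = "SELECT `user_school`, `user_active` FROM `cr_user` WHERE `user_id` = '$user_id_sql'";
        $result = mysql_query($sql);
        $user   = $result ? mysql_fetch_object($result) : false;
        if ($result) {
            mysql_free_result($result);
        }

        $sql    = "SELECT `team_school` FROM `cr_team` WHERE `team_id` = $team_id";
        $result = mysql_query($sql);
        $team   = $result ? mysql_fetch_object($result) : false;
        if ($result) {
            mysql_free_result($result);
        }

        if (!$user || !$team) {
            // Query failure or unknown user/team: deny instead of comparing NULLs.
            $deny = '没有下载权限!';
        } elseif ($user->user_active === 'N') {
            $deny = '用户未验证~~';
        } elseif ((string) $team->team_school !== (string) $user->user_school) {
            // Strict string comparison avoids PHP's numeric-string juggling.
            $deny = '没有下载权限!';
        }
    }

    if ($deny === null) {
        $file_addr = $UPLOAD_ROUT . $file . "." . $rz;
    }
} elseif (isset($_GET['unum'])) {
    $user_id = $_SESSION['user_id'];
    $unum    = $_GET['unum'];

    if (!is_string($unum) || !preg_match('/\A[A-Za-z0-9_-]+\z/', $unum)) {
        $deny = '这儿什么都没有~~';
    } elseif (!$is_admin) {
        $user_id_sql = mysql_real_escape_string((string) $user_id);

        $sql    = "SELECT `user_num` FROM `cr_user` WHERE `user_id` = '$user_id_sql'";
        $result = mysql_query($sql);
        $user   = $result ? mysql_fetch_object($result) : false;
        if ($result) {
            mysql_free_result($result);
        }

        // The requested name must equal the stored number exactly. The old
        // intval() comparison matched on the numeric prefix only, while the
        // full raw string was used to build the path.
        if (!$user || $unum !== (string) $user->user_num) {
            $deny = '没有下载权限!';
        }
    }

    if ($deny === null) {
        $file_addr = $UPLOAD_USERDOC_ROUT . $unum . "." . $rz;
    }
} else {
    $deny = '这儿什么都没有~~';
}

if ($deny !== null) {
    // $deny is always one of the fixed literals above, never request data,
    // so it is safe to place inside the inline script.
    echo "<script language='javascript'>\n";
    echo "alert('" . $deny . "');\n";
    echo "history.go(-1);\n";
    echo "</script>";
    exit(0);
}

do_download($file_addr, $rz);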
?>
